Other

Events with this classification type contain systems detected through the use of blacklists. These lists should clearly refer to abusive behavior, such as spamming, but the original source did not include more detailed information.

While little might might be known about the specific reason why the system was blacklisted, it still means it is blacklisted and therefore potentially inaccessible to services and users. Depending on the services running on the system, like mail or web server this could be helpful information that could be combined with other indicators.

The system identified by source is most likely on a blacklist and therefore could be unreachable. It is also an indicator that the system might be compromised. If available we include additional information like a classification identifier, extra orevent_description information. The system should be regarded as potentially compromised, further investigation is advised.